cameleer/cameleer-saas
2
0
Fork 0
Code Issues 22 Pull Requests Actions Packages Projects Releases Wiki Activity

fix: only use X-Forwarded-Proto on admin tenant calls (port 3002)
All checks were successful
CI / build (push) Successful in 48s
Details
CI / docker (push) Successful in 9s
Details

Browse Source 
Default tenant (port 3001) works without it — adding it caused
Internal server error. Only the admin tenant needs it because
ADMIN_ENDPOINT changed to HTTPS.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-04-06 23:58:16 +02:00
parent a3af667f76
commit c8ec1da328
1 changed files with 6 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
docker/logto-bootstrap.sh
View File

@@ -107,7 +107,6 @@ get_default_token() {
curl -s -X POST "${LOGTO_ENDPOINT}/oidc/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "Host: ${HOST}" \
-H "X-Forwarded-Proto: https" \
-d "grant_type=client_credentials&client_id=${1}&client_secret=${2}&resource=${MGMT_API_RESOURCE}&scope=all"
}
@@ -117,24 +116,23 @@ TOKEN=$(echo "$TOKEN_RESPONSE" | jq -r '.access_token' 2>/dev/null)
[ -z "$TOKEN" ] || [ "$TOKEN" = "null" ] && { log "ERROR: Failed to get token"; exit 1; }
log "Got Management API token."
# --- Helper: Logto API calls (X-Forwarded-Proto needed since ENDPOINT is HTTPS but internal calls use HTTP) ---
PROXY_HEADERS="-H Host:${HOST} -H X-Forwarded-Proto:https"
# --- Helper: Logto API calls (default tenant, port 3001) ---
api_get() {
curl -s -H "Authorization: Bearer $TOKEN" -H "Host: ${HOST}" -H "X-Forwarded-Proto: https" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || echo "[]"
curl -s -H "Authorization: Bearer $TOKEN" -H "Host: ${HOST}" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || echo "[]"
}
api_post() {
curl -s -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -H "Host: ${HOST}" -H "X-Forwarded-Proto: https" \
curl -s -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -H "Host: ${HOST}" \
-d "$2" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true
}
api_put() {
curl -s -X PUT -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -H "Host: ${HOST}" -H "X-Forwarded-Proto: https" \
curl -s -X PUT -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -H "Host: ${HOST}" \
-d "$2" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true
}
api_delete() {
curl -s -X DELETE -H "Authorization: Bearer $TOKEN" -H "Host: ${HOST}" -H "X-Forwarded-Proto: https" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true
curl -s -X DELETE -H "Authorization: Bearer $TOKEN" -H "Host: ${HOST}" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true
}
api_patch() {
curl -s -X PATCH -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -H "Host: ${HOST}" -H "X-Forwarded-Proto: https" \
curl -s -X PATCH -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -H "Host: ${HOST}" \
-d "$2" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true
}
@@ -143,7 +141,6 @@ api_patch() {
# ============================================================
EXISTING_APPS=$(api_get "/api/applications")
log "DEBUG api_get /api/applications: $(echo "$EXISTING_APPS" | head -c 300)"
# --- SPA app (for SaaS frontend) ---
SPA_ID=$(echo "$EXISTING_APPS" | jq -r ".[] | select(.name == \"$SPA_APP_NAME\" and .type == \"SPA\") | .id")